Class: ExportClient
Private key export tool
Implements retrieving a server-side secret and generating compound (joint) private keys, similar to distributed key synchronization, but directly over collected secrets. After the server secret is collected, no further operations except that further exports and permanent secret removal may be performed.
Note
requires strict authorization distinct from SignerClient
Constructors
constructor
• new ExportClient(url
, auth
, crypto
)
Parameters
Name | Type | Description |
---|---|---|
url |
string |
signer service endpoint (HTTP(S)) |
auth |
AuthorizationSession |
authorization AuthorizationSession session to use |
crypto |
Crypto |
any valid Crypto to handle data and computations |
Properties
auth
• auth: AuthorizationSession
authorization AuthorizationSession session to use
crypto
• crypto: Crypto
any valid Crypto to handle data and computations
Methods
exportSecret
▸ exportSecret(secretId
): Promise
<void
>
Export server secret bound to secretId
Downloads a server-side secret (which invalidates it for SMPC purposes) and prepares to generate private keys. This procedure is repeatable until the secret is removed exportSecret
Parameters
Name | Type | Description |
---|---|---|
secretId |
string |
ID (UUID) of a secret in question |
Returns
Promise
<void
>
getCompoundEcdsaPrivateKey
▸ getCompoundEcdsaPrivateKey(curve
, derivationCoin
, derivationAccount
): string
Reconstructs a private key from exported secrets and derivation parameters
Each secret is used to generate key fragments (BIP-44 with path m/44'/(coin)'/(account)'/0'/0'
),
and then local key reconstruction is performed over these fragments in order to get a final private key.
Parameters
Name | Type | Description |
---|---|---|
curve |
"secp256k1" |
elliptic curve to use (only secp256k1 is supported at the moment) |
derivationCoin |
number |
coin property of HD key derivation (BIP-44) |
derivationAccount |
number |
account property of HD key derivation (BIP-44) |
Returns
string
a reconstructed private key (32 bytes)
getCompoundEddsaPrivateKey
▸ getCompoundEddsaPrivateKey(curve
, derivationCoin
, derivationAccount
): string
Reconstructs a private key from exported secrets and derivation parameters
Each secret is used to generate key fragments (BIP-44 with path m/44'/(coin)'/(account)'/0'/0'
),
and then local key reconstruction is performed over these fragments in order to get a final private key.
Parameters
Name | Type | Description |
---|---|---|
curve |
"ed25519" |
elliptic curve to use (only ed25519 is supported at the moment) |
derivationCoin |
number |
coin property of HD key derivation (BIP-44) |
derivationAccount |
number |
account property of HD key derivation (BIP-44) |
Returns
string
a reconstructed private key (32 bytes)
removeSecret
▸ removeSecret(secretId
): Promise
<void
>
Permanently removes a server secret bound to secretId
Parameters
Name | Type | Description |
---|---|---|
secretId |
string |
ID (UUID) of a secret in question The secret should be exported first. No further recovery is possible. |
Returns
Promise
<void
>